Description
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.
Exploits (1)
Nuclei Templates (1)
Revive Adserver 4.2 - Remote Code Execution
CRITICALVERIFIEDby omarjezi
Shodan:
http.favicon.hash:106844876 || http.title:"revive adserver"
FOFA:
icon_hash=106844876 || title="revive adserver"
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/512076
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/542670
Vendor Advisory x_refsource_misc
https://www.revive-adserver.com/security/revive-sa-2019-001/
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html
Scores
CVSS v3
9.8
EPSS
0.8908
EPSS Percentile
99.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2026-03-09
CWE
CWE-502
Status
published
Products (1)
revive-sas/revive_adserver
< 4.2.0
Published
May 06, 2019
Tracked Since
Feb 18, 2026